chore(deps)(deps): bump the npm-dependencies group across 1 directory with 34 updates

[dependabot]

Bumps the npm-dependencies group with 31 updates in the /packages/web-app-vercel directory:

Package	From	To
@aws-sdk/client-s3	3.1041.0	3.1075.0
@aws-sdk/s3-request-presigner	3.1041.0	3.1075.0
@radix-ui/react-select	2.2.6	2.3.1
@supabase/supabase-js	2.105.1	2.108.2
@tanstack/react-query	5.100.8	5.101.2
@upstash/redis	1.37.0	1.38.0
@vercel/blob	2.3.3	2.5.0
framer-motion	12.38.0	12.42.0
ipaddr.js	2.3.0	2.4.0
lucide-react	1.14.0	1.21.0
next	16.2.6	16.2.9
react	19.2.5	19.2.7
@types/react	19.2.14	19.2.17
react-dom	19.2.5	19.2.7
tailwind-merge	3.5.0	3.6.0
undici	6.25.0	8.5.0
@playwright/test	1.59.1	1.61.1
@serwist/next	9.5.10	9.5.11
@tailwindcss/postcss	4.2.4	4.3.1
@types/jsdom	28.0.1	28.0.3
@types/node	25.6.0	26.0.1
@typescript-eslint/eslint-plugin	8.59.1	8.62.0
@typescript-eslint/parser	8.59.1	8.62.0
eslint	9.39.4	10.6.0
eslint-config-next	16.2.4	16.2.9
jest	30.3.0	30.4.2
jest-environment-jsdom	30.3.0	30.4.1
msw	2.14.2	2.14.6
prettier	3.8.3	3.9.1
sharp	0.34.5	0.35.2
tsx	4.21.0	4.22.4

Updates @aws-sdk/client-s3 from 3.1041.0 to 3.1075.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1075.0

3.1075.0(2026-06-23)

New Features

• client-kafka: Amazon MSK Replicator now supports mTLS authentication when connecting to external Apache Kafka clusters, enabling customers to replicate data from clusters that require mutual TLS for client authentication. This capability is supported when replicating to Amazon MSK Express brokers. (005f9529)

---

For list of updated packages, view updated-packages.md in assets-3.1075.0.zip

v3.1074.0

3.1074.0(2026-06-22)

Chores

• xml-builder:
  • move testing devDeps to root, remove unused nodable dep (#8118) (ed82880d)
  • parse XML internally (#7863) (74d0a071)

Documentation Changes

• typo in contributing.md (#8116) (87ff33d3)

New Features

• clients: update client endpoints as of 2026-06-22 (3a55a333)
• client-cloudwatch-logs: CloudWatch Logs Updates - New APIs introduced to support syslog ingestion to a log group. For more information, see CloudWatch Logs API documentation. (01a3b513)
• client-bedrock-agentcore: Adds an optional extractionMode field to CreateEvent. SKIP retains the event in short-term memory but excludes it from long-term memory extraction. (749753ad)
• client-omics: Adds support for scratch ephemeral storage mounted at tmp (331e3023)
• client-application-signals: Application Signals now supports dynamic instrumentation and Service Events telemetry. Add instrumentation at runtime without restarts, and use fine-grained profiling data to quickly pinpoint latency and error root causes. (f93b1c03)
• client-mediaconnect: AWS MediaConnect now supports Content Quality Analysis for Router Inputs, enabling detection of black frames, frozen frames, and silent audio with configurable thresholds. (05054853)
• client-lambda-core: Initial release of the AWS Lambda Core SDK with APIs to create, manage, and tag network connectors that enable Lambda compute resources to access private resources in your Amazon VPC. (e35cdab8)
• client-lambda: Add support for tagging Network Connector resources in AWS Lambda. (fbfc4078)
• client-guardduty: Added AI-powered investigations that automatically analyze security findings, correlate related activity, and produce structured summaries with risk assessment, confidence scoring, MITRE technique classification, and actionable next steps. (83c29839)
• client-lambda-microvms: Lambda MicroVMs GA launch. Lambda MicroVMs enable isolated and highly responsive execution of user-supplied or LLM-generated code. (5519a7e2)
• client-kafka: Amazon MSK Replicator now supports mTLS authentication when connecting to external Apache Kafka clusters, enabling customers to replicate data from clusters that require mutual TLS for client authentication. This capability is supported when replicating to Amazon MSK Express brokers. (ce7d1bf5)
• client-quicksight: Updated the Amazon Quick Spaces API to remove unsupported SPACE and ARTIFACT values from the SpaceQuickSightResourceType enum. (e1b325d4)
• client-ec2: This release adds support for AMI Watermark and Allowed AMIs integration (d1698bed)
• client-direct-connect: Added VIF rate limiting support for AWS Direct Connect, allowing customers to set bandwidth allocations on virtual interfaces to manage traffic on dedicated connections. (228a95dc)

Bug Fixes

• cloudfront-signer: filename asterisk apostrophe encoding fix (#8119) (35acab40)

---

For list of updated packages, view updated-packages.md in assets-3.1074.0.zip

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1075.0 (2026-06-23)

Note: Version bump only for package @​aws-sdk/client-s3

3.1074.0 (2026-06-22)

Note: Version bump only for package @​aws-sdk/client-s3

3.1073.0 (2026-06-19)

Note: Version bump only for package @​aws-sdk/client-s3

3.1072.0 (2026-06-18)

Note: Version bump only for package @​aws-sdk/client-s3

3.1071.0 (2026-06-17)

Note: Version bump only for package @​aws-sdk/client-s3

3.1070.0 (2026-06-16)

Features

• client-s3: Added support for annotations. You can now attach up to 1000 annotations (up to 1 MB each) directly to objects and create, retrieve, list, and delete them using new annotation APIs. Also added support for configuring an annotation table in S3 Metadata. (c555874)

... (truncated)

Commits

• 29ee199 Publish v3.1075.0
• c48dfa0 Publish v3.1074.0
• 74d0a07 chore(xml-builder): parse XML internally (#7863)
• ee71adc Publish v3.1073.0
• 501cd33 Publish v3.1072.0
• 3ce820a Publish v3.1071.0
• 4f2cfe1 Publish v3.1070.0
• c555874 feat(client-s3): Added support for annotations. You can now attach up to 1000...
• 7058d13 Publish v3.1069.0
• 67981c5 chore(scripts): tuning the build graph (#8095)
• Additional commits viewable in compare view

Updates @aws-sdk/s3-request-presigner from 3.1041.0 to 3.1075.0

Release notes

Sourced from @​aws-sdk/s3-request-presigner's releases.

v3.1075.0

3.1075.0(2026-06-23)

New Features

• client-kafka: Amazon MSK Replicator now supports mTLS authentication when connecting to external Apache Kafka clusters, enabling customers to replicate data from clusters that require mutual TLS for client authentication. This capability is supported when replicating to Amazon MSK Express brokers. (005f9529)

---

For list of updated packages, view updated-packages.md in assets-3.1075.0.zip

v3.1074.0

3.1074.0(2026-06-22)

Chores

• xml-builder:
  • move testing devDeps to root, remove unused nodable dep (#8118) (ed82880d)
  • parse XML internally (#7863) (74d0a071)

Documentation Changes

• typo in contributing.md (#8116) (87ff33d3)

New Features

• clients: update client endpoints as of 2026-06-22 (3a55a333)
• client-cloudwatch-logs: CloudWatch Logs Updates - New APIs introduced to support syslog ingestion to a log group. For more information, see CloudWatch Logs API documentation. (01a3b513)
• client-bedrock-agentcore: Adds an optional extractionMode field to CreateEvent. SKIP retains the event in short-term memory but excludes it from long-term memory extraction. (749753ad)
• client-omics: Adds support for scratch ephemeral storage mounted at tmp (331e3023)
• client-application-signals: Application Signals now supports dynamic instrumentation and Service Events telemetry. Add instrumentation at runtime without restarts, and use fine-grained profiling data to quickly pinpoint latency and error root causes. (f93b1c03)
• client-mediaconnect: AWS MediaConnect now supports Content Quality Analysis for Router Inputs, enabling detection of black frames, frozen frames, and silent audio with configurable thresholds. (05054853)
• client-lambda-core: Initial release of the AWS Lambda Core SDK with APIs to create, manage, and tag network connectors that enable Lambda compute resources to access private resources in your Amazon VPC. (e35cdab8)
• client-lambda: Add support for tagging Network Connector resources in AWS Lambda. (fbfc4078)
• client-guardduty: Added AI-powered investigations that automatically analyze security findings, correlate related activity, and produce structured summaries with risk assessment, confidence scoring, MITRE technique classification, and actionable next steps. (83c29839)
• client-lambda-microvms: Lambda MicroVMs GA launch. Lambda MicroVMs enable isolated and highly responsive execution of user-supplied or LLM-generated code. (5519a7e2)
• client-kafka: Amazon MSK Replicator now supports mTLS authentication when connecting to external Apache Kafka clusters, enabling customers to replicate data from clusters that require mutual TLS for client authentication. This capability is supported when replicating to Amazon MSK Express brokers. (ce7d1bf5)
• client-quicksight: Updated the Amazon Quick Spaces API to remove unsupported SPACE and ARTIFACT values from the SpaceQuickSightResourceType enum. (e1b325d4)
• client-ec2: This release adds support for AMI Watermark and Allowed AMIs integration (d1698bed)
• client-direct-connect: Added VIF rate limiting support for AWS Direct Connect, allowing customers to set bandwidth allocations on virtual interfaces to manage traffic on dedicated connections. (228a95dc)

Bug Fixes

• cloudfront-signer: filename asterisk apostrophe encoding fix (#8119) (35acab40)

---

For list of updated packages, view updated-packages.md in assets-3.1074.0.zip

... (truncated)

Changelog

Sourced from @​aws-sdk/s3-request-presigner's changelog.

3.1075.0 (2026-06-23)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1074.0 (2026-06-22)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1073.0 (2026-06-19)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1072.0 (2026-06-18)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1071.0 (2026-06-17)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1070.0 (2026-06-16)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1069.0 (2026-06-15)

... (truncated)

Commits

• 29ee199 Publish v3.1075.0
• c48dfa0 Publish v3.1074.0
• ee71adc Publish v3.1073.0
• 501cd33 Publish v3.1072.0
• 3ce820a Publish v3.1071.0
• 4f2cfe1 Publish v3.1070.0
• 7058d13 Publish v3.1069.0
• 67981c5 chore(scripts): tuning the build graph (#8095)
• 0632f6d Publish v3.1068.0
• 0a3246f Publish v3.1067.0
• Additional commits viewable in compare view

Updates @radix-ui/react-select from 2.2.6 to 2.3.1

Changelog

Sourced from @​radix-ui/react-select's changelog.

2.3.1

• Allowed a Select.Item with an empty string value to act as a "clear" option. Selecting it resets the selection back to the placeholder, restoring the native <select> behavior for optional selects.
• Fixed a bug where typeahead search resulted in focusing an element that no longer exists.
• Updated dependencies: @radix-ui/react-slot@1.3.0, @radix-ui/react-popper@1.3.1, @radix-ui/react-dismissable-layer@1.1.13, @radix-ui/react-primitive@2.1.6, @radix-ui/react-collection@1.1.10, @radix-ui/react-focus-scope@1.1.10, @radix-ui/react-portal@1.1.12, @radix-ui/react-visually-hidden@1.2.6

2.3.0

• Added unstable Provider and BubbleInput parts to Select. Select.unstable_Provider sets up Select's context and state without implicitly rendering the hidden native select, and Select.unstable_BubbleInput exposes that previously internal native select so consumers can recompose it explicitly. Select continues to render both by default.
• Added support for presence-based exit animations in Select
• Fixed Select hidden input so it submits empty string when no value is selected
• Fixed placeholder rendering when a controlled Select is reset to an empty value
• Added missing __selectScope prop to PopperContent component
• Fixed Select closing unexpectedly after touch-scrolling its content when rendered inside an open shadow DOM
• Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
• Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
• Fixed SelectValue logging invalid prop errors when used with both asChild and a placeholder
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-popper@1.3.0, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/react-collection@1.1.9, @radix-ui/react-direction@1.1.2, @radix-ui/number@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-callback-ref@1.1.2, @radix-ui/react-use-controllable-state@1.2.3, @radix-ui/react-use-layout-effect@1.1.2, @radix-ui/react-use-previous@1.1.2, @radix-ui/react-visually-hidden@1.2.5

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-select since your current version.

Updates @radix-ui/react-slot from 1.2.4 to 1.3.0

Changelog

Sourced from @​radix-ui/react-slot's changelog.

1.3.0

Added generic type arguments for SlotProps and createSlot

SlotProps and createSlot now accept generic type arguments to specify the type of element a slot should render, as well as its props.

const Slot = createSlot<HTMLButtonElement, MyCustomButtonProps>("Slot");

1.2.5

• Fixed infinite re-render loop in React 19 caused by Slot creating a new ref callback on every render
• Added support for nested Slottable via a render prop, so a slotted element can be wrapped while still merging Slot props and refs onto it
• Added repository.directory to all package.json files
• Improved error messages for invalid slot children
• Updated dependencies: @radix-ui/react-compose-refs@1.1.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-slot since your current version.

Updates @supabase/supabase-js from 2.105.1 to 2.108.2

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.108.2

2.108.2 (2026-06-15)

🩹 Fixes

• auth: preserve valid session on refresh failure and cooldown repeat failures (#2436)
• realtime: clarify httpSend() 404 error and server migration note (#2444)
• release: pin Deno and bound JSR publish to survive stranded-task hangs (#2439)
• release: restore JSR publish flags and enable for beta (#2440)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.108.2-canary.5

2.108.2-canary.5 (2026-06-15)

This was a version bump only, there were no code changes.

v2.108.2-canary.4

2.108.2-canary.4 (2026-06-12)

🩹 Fixes

• realtime: clarify httpSend() 404 error and server migration note (#2444)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.108.2-canary.3

2.108.2-canary.3 (2026-06-11)

This was a version bump only, there were no code changes.

v2.108.2-canary.2

2.108.2-canary.2 (2026-06-11)

🩹 Fixes

• release: restore JSR publish flags and enable for beta (#2440)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.108.2-canary.1

2.108.2-canary.1 (2026-06-11)

🩹 Fixes

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.108.2 (2026-06-15)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.108.0 (2026-06-08)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.107.0 (2026-06-02)

🚀 Features

• auth: remove navigator.locks-based mutex; introduce commit guard + dispose() (#2392)
• supabase: update X-Client-Info to structured metadata format (#2359)
• realtime: allow httpSend to send binary payload (#2400)

❤️ Thank You

• Claude Sonnet 4.6
• Eduardo Gurgel
• Guilherme Souza
• Katerina Skroumpelou @​mandarini
• Omar Al Matar @​Bewinxed

2.106.2 (2026-05-25)

🩹 Fixes

• misc: add react-native export condition for Hermes-safe resolution (#2393)

❤️ Thank You

• Myroslav Hryhschenko @​BLOCKMATERIAL

2.106.1 (2026-05-20)

🩹 Fixes

• misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.106.0 (2026-05-18)

🚀 Features

• supabase: W3C/OpenTelemetry trace context propagation (#2163)

... (truncated)

Commits

• 76f3f02 test(auth): add passkey unit and e2e coverage (#2442)
• 65fafe5 chore(release): version 2.108.0 changelogs (#2433)
• 57014e1 chore(release): version 2.107.0 changelogs (#2421)
• 54ec2b6 feat(auth): remove navigator.locks-based mutex; introduce commit guard + disp...
• 3397c92 feat(supabase): update X-Client-Info to structured metadata format (#2359)
• 335207f feat(realtime): allow httpSend to send binary payload (#2400)
• 42f12dd docs(repo): ship per-package AGENTS.md and migrations via npm (#2397)
• b200b74 chore(release): version 2.106.2 changelogs (#2396)
• a5f09cf chore(repo): adopt pnpm catalog and clean up devDeps (#2389)
• c72cc56 fix(misc): add react-native export condition for Hermes-safe resolution (#2393)
• Additional commits viewable in compare view

Updates @tanstack/react-query from 5.100.8 to 5.101.2

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.101.2

Patch Changes

• Updated dependencies [f5bf180, 25cdd97, ecd89c8, 01c7634, 49012db]:
  • @​tanstack/query-devtools@​5.101.2
  • @​tanstack/react-query@​5.101.2

@​tanstack/react-query-next-experimental@​5.101.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.101.2

@​tanstack/react-query-persist-client@​5.101.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.101.2
  • @​tanstack/react-query@​5.101.2

@​tanstack/react-query@​5.101.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.101.2

@​tanstack/react-query-devtools@​5.101.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-devtools@​5.101.1
  • @​tanstack/react-query@​5.101.1

@​tanstack/react-query-next-experimental@​5.101.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/react-query@​5.101.1

@​tanstack/react-query-persist-client@​5.101.1

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-persist-client-core@​5.101.1
  • @​tanstack/react-query@​5.101.1

@​tanstack/react-query@​5.101.1

Patch Changes

• Updated dependencies [9eff92e]:

... (truncated)

Changelog

Sourced from @​tanstack/react-query's changelog.

5.101.2

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.101.2

5.101.1

Patch Changes

• Updated dependencies [9eff92e]:
  • @​tanstack/query-core@​5.101.1

5.101.0

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.101.0

5.100.14

Patch Changes

• fix(react-query): do not go into optimistic fetching state when not subscribed (#10759)

• Updated dependencies []:

  • @​tanstack/query-core@​5.100.14

5.100.13

Patch Changes

• Updated dependencies [d423168]:
  • @​tanstack/query-core@​5.100.13

5.100.12

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.12

5.100.11

Patch Changes

• Updated dependencies []:
  • @​tanstack/query-core@​5.100.11

... (truncated)

Commits

• 610e8d1 ci: Version Packages (#10996)
• 1f84256 docs: document the select typing caveat for parallel-queries hooks (#10984)
• b809297 ci: Version Packages (#10977)
• ccc843e test({react,preact}-query/useQueries): move type-only tests to 'useQueries.te...
• 4154613 test({react,preact}-query/useMutation): split 'should handle conditional logi...
• 8bb5fde test({react,preact}-query/useMutation): split 'should pass meta to mutation' ...
• 87426a3 test(react-query): replace deprecated 'toBeCalledTimes' with 'toHaveBeenCalle...
• feb1efd test(*): move 'vi.useRealTimers' to the end of 'afterEach' so cleanup runs un...
• f3d8d2a ci: Version Packages (#10774)
• 532bb29 fix(tests): disable local coverage instrumentation (#10776)
• Additional commits viewable in compare view

Updates @upstash/redis from 1.37.0 to 1.38.0

Release notes

Sourced from @​upstash/redis's releases.

@​upstash/redis@​1.38.0

Minor Changes

• c71f581: Separate read/write commands into separate pipelines in auto pipeline. As a result, mixed read/write Promise.all batches may now be split across multiple pipeline HTTP requests instead of a single request, and read-after-write ordering may no longer be preserved within those mixed batches.

@upstash/redis@1.38.0-canary-20260505130836-8b3b33ccd367ba9ddb5b7f5ca33eb32ccf7e940d

What's Changed

• DX-2506: add redis search into skills by @​CahidArda in upstash/redis-js#1427
• fix: rename redis search analytics demo by @​CahidArda in upstash/redis-js#1428
• DX-2555: add supply chain security settings by @​CahidArda in upstash/redis-js#1429
• fix: add version sync to ci by @​alitariksahin in upstash/redis-js#1430

Full Changelog: https://github.com/upstash/redis-js/compare/@​upstash/redis@1.37.0...@​upstash/redis@1.38.0-canary-20260505130836-8b3b33ccd367ba9ddb5b7f5ca33eb32ccf7e940d

Commits

• 7607549 chore: version packages (#1433)
• c71f581 DX-2577: Seperate read/write commands into seperate pipelines in auto pipelin...
• e3a23ab fix: add version sync to ci (#1430)
• 12e9a9e DX-2555: add supply chain security settings (#1429)
• f59fa75 fix: docs link
• c88b8e5 fix: rename redis search analytics demo (#1428)
• 5d8abc1 feat: add redis search into skills (#1427)
• See full diff in compare view

Updates @vercel/blob from 2.3.3 to 2.5.0

Release notes

Sourced from @​vercel/blob's releases.

@​vercel/blob@​2.5.0

Minor Changes

• 31a8b8f: Deprecate the useCache option on get(). The backend no longer honors the cache=0 query parameter it produced, so the option is now a no-op — reads always go through the standard caching path. The option is still accepted (and ignored) to avoid breaking existing callers, and will be removed in a future major version.

Patch Changes

• 9ac2586: Read the Vercel OIDC token via @vercel/oidc's refreshing getVercelOidcToken instead of the non-refreshing getVercelOidcTokenSync. This refreshes an expired token in development environments. In production with a valid token, behavior is unchanged. If a refresh is needed but fails, the token is treated as absent so callers still fall back to BLOB_READ_WRITE_TOKEN.

@​vercel/blob@​2.4.1

Patch Changes

• b7027de: Read the Vercel OIDC token via the @vercel/oidc package (getVercelOidcTokenSync) instead of an inlined copy. This makes the dependency explicit and discoverable, and matches how other Vercel packages consume OIDC. Behavior is unchanged except for one edge case: a blank x-vercel-oidc-token request-context header now resolves to no token rather than falling back to VERCEL_OIDC_TOKEN.

@​vercel/blob@​2.4.0

Minor Changes

• 20eeaff: Add Vercel OIDC auth and presigned URLs

Changelog

Sourced from @​vercel/blob's changelog.

2.5.0

Minor Changes

• 31a8b8f: Deprecate the useCache option on get(). The backend no longer honors the cache=0 query parameter it produced, so the option is now a no-op — reads always go through the standard caching path. The option is still accepted (and ignored) to avoid breaking existing callers, and will be removed in a future major version.

Patch Changes

• 9ac2586: Read the Vercel OIDC token via @vercel/oidc's refreshing getVercelOidcToken instead of the non-refreshing getVercelOidcTokenSync. This refreshes an expired token in development environments. In production with a valid token, behavior is unchanged. If a refresh is needed but fails, the token is treated as absent so callers still fall back to BLOB_READ_WRITE_TOKEN.

2.4.1

Patch Changes

• b7027de: Read the Vercel OIDC token via the @vercel/oidc package (getVercelOidcTokenSync) instead of an inlined copy. This makes the dependency explicit and discoverable, and matches how other Vercel packages consume OIDC. Behavior is unchanged except for one edge case: a blank x-vercel-oidc-token request-context header now resolves to no token rather than falling back to VERCEL_OIDC_TOKEN.

2.4.0

Minor Changes

• 20eeaff: Add Vercel OIDC auth and presigned URLs

Commits

• bb04f82 Version Packages (#1077)
• 9ac2586 [@​vercel/blob] Use refreshing getVercelOidcToken from @​vercel/oidc (#1076)
• 31a8b8f [@​vercel/blob] Deprecate useCache option on get() to a no-op (#1075)
• 0232533 ci: enable npm provenance attestation on publish (#1074)
• 63b87d6 Version Packages (#1073)
• b7027de [@​vercel/blob] Read OIDC token via @​vercel/oidc instead of inlined copy (#1072)
• db13e94 Version Packages (#1069)
• 20eeaff Add Vercel OIDC auth and Presigned URLs (#1056)
• 171f08d chore(deps): update dependency @​types/node to v24.12.2 (#1046)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​vercel/blob since your current version.

Updates framer-motion from 12.38.0 to 12.42.0

Changelog

Sourced from framer-motion's changelog.

[12.42.0] 2026-06-24

Changed

• animateView: Layers are automatically grouped to match their DOM-hierarchy. New .group(false) method opts-out.

Fixed

• animateView: Auto-crop is now aspect-ratio aware, disabling crops for matching aspect-ratios.
• animateView: Disabled automatic border-radius animation.

[12.41.0] 2026-06-23

Added

• animateView: Moves from Motion+ Early Access and alpha to main library.
• animateView: .add() resolves a CSS selector or Element to automatically generate, apply and remove view-transition-name.
• animateView: .new() and .old() configures values to animate on new and old layers.
• animateView: .layout() can set a custom transition on the size/position animation of the currently selected elements.
• animateView: Group layers now automatically crop with children set to cover, with border-radius animating from old radius to new. .crop(false) disables this behaviour.
• animateView: .class(name) tags currently selected elements with a view-transition-class as a custom CSS hook.

Fixed

• AnimatePresence: Prevent stuck exit animations when children interrupt.
• drag: Child e.stopPropagation() no longer break drag end.
• Fixing Next.js OOM on Windows when importing via motion package.
• animateLayout: Improve handling of parallel/interleaved calls.

Changed

• animateView: .enter() and .exit() now refer specifically to new and old layers where there are no matching old or new layers.
• animateView: Interrupted transition setups now return resolved animation rather than throwing.

[12.40.0] 2026-05-21

Added

• path option to transition.
• arc() for motion along an arc.

[12.39.0] 2026-05-18

Added

• Support for repeatType and repeatDelay in animation sequences.

Fixed

• Variants: Re-run keyframe animations when switching between variant labels even when they share identical keyframe arrays.

... (truncated)

Commits

• 9c84145 v12.42.0
• 60d7c72 Add view-transition group nesting and aspect-aware cropping
• 6437276 Updating
• f0f893e v12.41.0
• c0c53cb Updating changelog
• 18c3e3e Removing plans
• 378fc4c Merge pull request #3761 from motiondivision/worktree-view-target
• 94ea505 Merge branch 'main' into worktree-view-target
• de65f6b Fade auto morph crossfades over the spring's visual duration
• f8af239 Let an explicit duration override the inherited spring on a view layer
• Additional commits viewable in compare view

Updates ipaddr.js from 2.3.0 to 2.4.0

Changelog

Sourced from ipaddr.js's changelog.

2.4.0 - 2026-05-03

• remove Bower support
• add RFC9637, RFC9602, RFC8215, RFC3879 reserved address ranges

Commits

• 61bd6df Bump version.
• f563e5c Add RFC9637, RFC9602, RFC8215, RFC3879 reserved address ranges.
• 9992db9 Rename 2001:10::/28 from deprecated to deprecatedOrchid.
• 5686480 Indicate which RFCs reserved some IPv6 ranges.
• 9199d3f Remove bower.json
• 1915d22 spelling: string
• 85eb23c spelling: javascript
• 4222342 spelling: ip v6
• 1c76a35 spelling: hexadecimal
• 82e4b6d spelling: addresses
• Additional commits viewable in compare view

Updates lucide-react from 1.14.0 to 1.21.0

Release notes

Sourced from lucide-react's releases.

Version 1.21.0

What's Changed

• ci(release.yml): Remove new-version in release flow by @​ericfennis in lucide-icons/lucide#4478
• ci(release.yml): Fix workflow and remove version scripts in package scripts by @​ericfennis in lucide-icons/lucide#4479
• fix(docs): rename navigation category label by @​Hsiii in lucide-icons/lucide#4483
• feat(icons): added broken-bone icon by @​Patolord in lucide-icons/lucide#4131

New Contributors

• @​Hsiii made their first contribution in lucide-icons/lucide#4483
• @​Patolord made their first contribution in lucide-icons/lucide#4131

Full Changelog: lucide-icons/lucide@1.20.0...1.21.0

Version 1.20.0

What's Changed

• fix(icons): decreased size of arrows inside square-arrow-* icons by @​jguddas in lucide-icons/lucide#3926
• chore(tags): Add tags to search- icons by

[greptile-apps]

PR author is in the excluded authors list.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
audicle-web	Ignored		Jun 28, 2026 1:08am

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 24 hours (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/hirokis-projects-afd618c7?upgradeToPro=build-rate-limit